Security Intelligence, two different Approaches

Mika/ October 20, 2011/ Internet, Report, Security

We are monitoring activities around Security Intelligence since a while and found quite different understandings and approaches. Security Intelligence is one the newest disciplines in the area of Information Security and the goals seems to be quite vague. Different organizations seem to have totally different understandings of what Security Intelligence should be about. To illustrate this I would like to compare two of the leading IT vendors and what they publish as “Security Intelligence”: Cisco Security Intelligence Operations Cisco lists on the Security Intelligence Portal mainly security advisories, alerts, responses and information about Cisco product updates, signature updates, mitigation bulletins virus watch and similar topics. To provide this kind of information is in my humble opinion the task of a CERT (Computer Emergency Response Team) or a PSIRT (Product Security Incident Response Team).

Read More

When Blackholes backfire…

Mika/ September 15, 2011/ Internet, Odd, Stories

According to our current scientific folklore nothing will ever come out of a black hole, no matter or particles, no light, no information. But black holes in networking  can backfire from time to time. Of course I’m talking about “black-holing” Internet traffic, a strategy often used on backbones to defend against attacks, specifically flooding, DDoS and the like. Here is a little story about black hole routing that actually happened, the involved ISP and the victim will not be disclosed for hopefully obvious reasons: Black Hole Routing The specific case I want to talk about is not the common black hole routing explained nicely by Jeremy Stretch on Packetlife which drops traffic to a victim of a DDoS attack. Instead I focus on the “advanced” version of this: RFC 5635: Remote Triggered Black Hole

Read More

Data Leaks Reviewed

René Pfeiffer/ April 28, 2011/ Internet, Security

Often single incidents don’t attract much attention, but the combination does. We’re getting used to lost laptops, USB sticks, CDs/DVDs/HDs and gadgets containing data. There’s even a project trying to keep track of data loss incidents world-wide, it’s called DataLossDB. Compromised web sites are also quite common. Only figures raise eyebrows, so this week’s favourite news item is Sony and the PS3 network. Someone created unauthorised backups of database tables containing (encrypted) credit card information, user names, passwords, birth dates and home addresses of PlayStation Network users. We still don’t know the nature of the security breach, however the impact is substantial both in terms of number of stolen records and very probably financial damage. There’s been not much talk about the passwords and their data format, but we all know that few people

Read More

The Networks as Tool and Target at the same time

René Pfeiffer/ February 4, 2011/ Internet, Security

Unless you have been without access to the Internet, mobile network(s) and independent media you’ve probably followed the events in Egypt. The shutdown of the Internet throughout the country was an unprecedented move. It took some people by surprise, but anyone with a decent knowledge of routing protocols knew what was going on. There was no magic involved, just simply BGP packets. The aftermath of the still ongoing demonstrations and the show of force can already be seen. The Internet is gaining relevance when it comes to infrastructure. It’s not as important as telephone networks or the power grid, but sooner or later it probably will (especially since phone and power grid services move to the Internet for messaging/transport purposes). The lack of Internet connectivity was bypassed by telephone lines. Dial-up connections with modems

Read More

It’s tiem*) again: NAT66

Mika/ August 29, 2010/ Internet, Security

ITT *) : NAT66 (picture unrelated) In this thread we discuss NAT Maybe the picture is related. We all want to have our communications as safe as possible and we choose appropriate security mechanisms to achieve this goal. We follow “Best Current Practices”, recommendations from security experts and we follow traditions in our own organization. And there is an old tradition, maybe too old to get it out of our heads: NAT will add to security. It will not. Full stop. No Discussion. The topic has been closed long ago and there is no need to microwave it and serve it as a quick midnight-snack just because you feel a little bit hungry, just because you have the feeling there is something missing. We are living on a new diet in the IPv6 world.

Read More

Native Code Protection and Security

René Pfeiffer/ June 24, 2010/ Development, Internet

The Mozilla vice president of products announced that Firefox doesn’t need to run native code anymore when it comes to plugins. The idea is called crash protection for it aims to keep the web browser alive when a plugin fails to run correctly. At the same time the magical words about the future being in the hands of (open) web standards and HTML5 are uttered. What does this imply in terms of security? Is there any benefit? The thought of having more reliable web browsers is certainly tempting. It is also true that overloading the browser with plugins increases the „angle of attack” to the point of stalling or most probably catching some malware floating around on the Web. The message seems to be that seperating vulnerable plugins from the browser doesn’t rule out

Read More